BUPT_MOE Telegram 2237
tgoop.com » United States » bupt.moe » Telegram web » Post 2237
bupt.moe
#security
英飞凌TPM的加密库被发现存在侧信道攻击。有物理接触设备的攻击者可以恢复出存在的ECDSA私钥,需要主动执行签名/验证,需要在线的攻击时间约为1小时,离线攻击时间约为1小时。
侧信道攻击原因为英飞凌的加密库对于扩展欧几里得算法保护实现有缺陷,导致存在计时泄露。因此这次攻击被发现者命名为 EUCLEAK 。

已经确认的影响范围:
1. 英飞凌SLB96xx之后的产品(到这次披露之前)
2. Yubikey 5全系(固件版本<5.7)
3. 飞天诚信 A22 Java Card (飞天诚信说A22这个卡已经不存在了,他们在英飞凌TPM上用的是自己的加密库)

source

私货时间:推销 @canokeys ,国产TPM,清华品质,值得信赖

更新1:中国电子护照用了英飞凌
www.tgoop.com/bupt_moe/2237
4.2K viewsedited  



tgoop.com/bupt_moe/2237
Create:
Last Update:

#security
英飞凌TPM的加密库被发现存在侧信道攻击。有物理接触设备的攻击者可以恢复出存在的ECDSA私钥,需要主动执行签名/验证,需要在线的攻击时间约为1小时,离线攻击时间约为1小时。
侧信道攻击原因为英飞凌的加密库对于扩展欧几里得算法保护实现有缺陷,导致存在计时泄露。因此这次攻击被发现者命名为 EUCLEAK 。

已经确认的影响范围:
1. 英飞凌SLB96xx之后的产品(到这次披露之前)
2. Yubikey 5全系(固件版本<5.7)
3. 飞天诚信 A22 Java Card (飞天诚信说A22这个卡已经不存在了,他们在英飞凌TPM上用的是自己的加密库)

source

私货时间:推销 @canokeys ,国产TPM,清华品质,值得信赖

更新1:中国电子护照用了英飞凌

BY bupt.moe


Share with your friend now:
tgoop.com/bupt_moe/2237

View MORE
Open in Telegram


Telegram News

Date: |

Deputy District Judge Peter Hui sentenced computer technician Ng Man-ho on Thursday, a month after the 27-year-old, who ran a Telegram group called SUCK Channel, was found guilty of seven charges of conspiring to incite others to commit illegal acts during the 2019 extradition bill protests and subsequent months. Just as the Bitcoin turmoil continues, crypto traders have taken to Telegram to voice their feelings. Crypto investors can reduce their anxiety about losses by joining the “Bear Market Screaming Therapy Group” on Telegram. With the “Bear Market Screaming Therapy Group,” we’ve now transcended language. Read now In the “Bear Market Screaming Therapy Group” on Telegram, members are only allowed to post voice notes of themselves screaming. Anything else will result in an instant ban from the group, which currently has about 75 members.
from us


#security

bupt.moe TG
web: 2237
bupt.moe.Telegram web
bupt.moe Telegram TG Channel
Telegram Updated:
Telegram bupt.moe
FROM American